Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,143,314 members, 7,780,762 topics. Date: Thursday, 28 March 2024 at 09:27 PM

Password Hack! 272 Million Stolen Login Of Microsoft, Google, Yahoo Found Online - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / Password Hack! 272 Million Stolen Login Of Microsoft, Google, Yahoo Found Online (1074 Views)

See How To Make Your Blog Visible On Google Yahoo And Bing Here / Your Website On First Page Of Google, Yahoo And Bing. (2) (3) (4)

(1) (Reply) (Go Down)

Password Hack! 272 Million Stolen Login Of Microsoft, Google, Yahoo Found Online by DExplorer1: 9:24am On May 07, 2016
Hold Security finds hacker trying to offload stash of 272.3 million stolen email account credentials

Details of millions of hacked Google, Yahoo, and Microsoft email accounts have appeared online, where a Russian hacker was attempting to sell them on an online forum.


The 272.3 million stolen accounts mostly consisted of Mail.ru email account credentials, Russia’s largest email service, according to Reuters.

But the security researcher who uncovered the stash of email credentials said that Google, Yahoo, and Microsoft email accounts were also up for sale.

1.17 billion records



Alex Holden, founder of Hold Security, told the agency that he and his team of researchers found a Russian hacker boasting on a forum that he was ready to offload a batch of stolen email credentials, consisting of 1.17 billion records. Those credentials included the 272.3 million stolen email accounts.

After a process of deleting duplicate records, Holden told Reuters he ended up with almost 57 million Mail.ru accounts, a significant proportion of Mail.ru’s 100 million active users.

The dump of data also contained “tens of million” of credentials for Gmail, Microsoft, and Yahoo email accounts, along with hundreds of thousands of other accounts associated with Chinese and German email providers.

TechWeekEurope is awaiting response from Microsoft, Google, and Yahoo.

‘Potent’

“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” Holden is quoted as saying.

“These credentials can be abused multiple times.”


But in the end, the hacker gave up the stash of credentials for free, on the basis that Holden and Hold Security would give praise to the hacker in online forums for allegedly obtaining the data in the first place.

Holden told TechWeekEurope today that his main concern is the hacker’s lack of importance to the data considering its potential potency.

“If he gave away this data to us, he might of done it countless other times to different groups of hackers which may abuse or repost this data in many different malicious ways,” he said.

A Mail.ru spokesperson, after being told about the breach, told the agency: “We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.

“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords which match existing emails.

According to Holden, there 40 million Yahoo Mail credentials involved in the breach. Microsoft Hotmail accounts made up 33 million of the credentials, with 24 million belonging to Gmail users. Alongside these, thousands of other login credentials were found that belong to employees in some of the biggest US manufacturing, banking, and retail companies.

“50 rubles is what the hacker wants for this incredibly large set of data. He can’t be serious; based on today’s exchange rate it is less than one US dollar. This greatly impacts the data’s credibility and value, similar to an expensive sports car being sold for pennies at auction,” Hold Security said in a blog post.

Getting rid

“’I am just getting rid of it but I won’t do it for free’, he replies. In all reality, 50 rubles is next to nothing, but we refuse to contribute even insignificant amounts to his cause. It is rather funny to negotiate over this, but finally the hacker just asks us to add likes/votes to his social media page (so much for anonymity). That we can do, and once he is satisfied with the results we get a link to an incredible 10 gigabytes in a compressed database, which takes us more than hour to download.

“Within several days of communication and after a couple more strategically timed votes on his social media pages, he shared more useful information.

“At the end, this kid from a small town in Russia collected an incredible 1.17 Billion stolen credentials from numerous breaches that we are still working on identifying. 272 million of those credentials turned out to be unique, which in turn, translated to 42.5 million credentials – 15 percent of the total, that we have never seen before.”

Past success

It was 2014 when Holden and his team found a cache of 1.2 billion stolen credentials in the world’s largest ever case of stolen accounts.

According to research by Hold Security, a group dubbed ‘CyberVor’ (‘CyberThief’ in Russian) had been using several botnets to automate the process of scanning for vulnerabilities such as SQL injection flaws. Later, they simply attacked the websites which were proven to be vulnerable to gain access to the credentials.

In October 2013, Hold Security identified a data breach with Adobe Systems. Later in December that year, the firm independently identified and tracked the Target breach.


Read more at http://www.techweekeurope.co.uk/security/millions-stolen-email-accounts-microsoft-google-yahoo-191267


********************************************************************************************************
It's advisable you change your password to be sure of your email security.

1 Like

Re: Password Hack! 272 Million Stolen Login Of Microsoft, Google, Yahoo Found Online by DExplorer1: 9:29am On May 07, 2016
Seun, Lalasticlala and relevant mod should help on its awareness.
Re: Password Hack! 272 Million Stolen Login Of Microsoft, Google, Yahoo Found Online by Nobody: 9:45am On May 07, 2016
This cybercrime is becoming the order of the day
Re: Password Hack! 272 Million Stolen Login Of Microsoft, Google, Yahoo Found Online by AlphaCEO: 5:36pm On Jul 30, 2021
DExplorer1:
Hold Security finds hacker trying to offload stash of 272.3 million stolen email account credentials

Details of millions of hacked Google, Yahoo, and Microsoft email accounts have appeared online, where a Russian hacker was attempting to sell them on an online forum.


The 272.3 million stolen accounts mostly consisted of Mail.ru email account credentials, Russia’s largest email service, according to Reuters.

But the security researcher who uncovered the stash of email credentials said that Google, Yahoo, and Microsoft email accounts were also up for sale.

1.17 billion records



Alex Holden, founder of Hold Security, told the agency that he and his team of researchers found a Russian hacker boasting on a forum that he was ready to offload a batch of stolen email credentials, consisting of 1.17 billion records. Those credentials included the 272.3 million stolen email accounts.

After a process of deleting duplicate records, Holden told Reuters he ended up with almost 57 million Mail.ru accounts, a significant proportion of Mail.ru’s 100 million active users.

The dump of data also contained “tens of million” of credentials for Gmail, Microsoft, and Yahoo email accounts, along with hundreds of thousands of other accounts associated with Chinese and German email providers.

TechWeekEurope is awaiting response from Microsoft, Google, and Yahoo.

‘Potent’

“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” Holden is quoted as saying.

“These credentials can be abused multiple times.”


But in the end, the hacker gave up the stash of credentials for free, on the basis that Holden and Hold Security would give praise to the hacker in online forums for allegedly obtaining the data in the first place.

Holden told TechWeekEurope today that his main concern is the hacker’s lack of importance to the data considering its potential potency.

“If he gave away this data to us, he might of done it countless other times to different groups of hackers which may abuse or repost this data in many different malicious ways,” he said.

A Mail.ru spokesperson, after being told about the breach, told the agency: “We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.

“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords which match existing emails.

According to Holden, there 40 million Yahoo Mail credentials involved in the breach. Microsoft Hotmail accounts made up 33 million of the credentials, with 24 million belonging to Gmail users. Alongside these, thousands of other login credentials were found that belong to employees in some of the biggest US manufacturing, banking, and retail companies.

“50 rubles is what the hacker wants for this incredibly large set of data. He can’t be serious; based on today’s exchange rate it is less than one US dollar. This greatly impacts the data’s credibility and value, similar to an expensive sports car being sold for pennies at auction,” Hold Security said in a blog post.

Getting rid

“’I am just getting rid of it but I won’t do it for free’, he replies. In all reality, 50 rubles is next to nothing, but we refuse to contribute even insignificant amounts to his cause. It is rather funny to negotiate over this, but finally the hacker just asks us to add likes/votes to his social media page (so much for anonymity). That we can do, and once he is satisfied with the results we get a link to an incredible 10 gigabytes in a compressed database, which takes us more than hour to download.

“Within several days of communication and after a couple more strategically timed votes on his social media pages, he shared more useful information.

“At the end, this kid from a small town in Russia collected an incredible 1.17 Billion stolen credentials from numerous breaches that we are still working on identifying. 272 million of those credentials turned out to be unique, which in turn, translated to 42.5 million credentials – 15 percent of the total, that we have never seen before.”

Past success

It was 2014 when Holden and his team found a cache of 1.2 billion stolen credentials in the world’s largest ever case of stolen accounts.

According to research by Hold Security, a group dubbed ‘CyberVor’ (‘CyberThief’ in Russian) had been using several botnets to automate the process of scanning for vulnerabilities such as SQL injection flaws. Later, they simply attacked the websites which were proven to be vulnerable to gain access to the credentials.

In October 2013, Hold Security identified a data breach with Adobe Systems. Later in December that year, the firm independently identified and tracked the Target breach.


Read more at http://www.techweekeurope.co.uk/security/millions-stolen-email-accounts-microsoft-google-yahoo-191267


********************************************************************************************************
It's advisable you change your password to be sure of your email security.
Crazy Darkweb.

(1) (Reply)

Nairaland Forum Rival: Advise Pls.... / Had Google Adsense Approved Me? Pls Help / CPA & Affiliate Marketing Training

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 37
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.